Insight and highlights from the VMware Fusion Team for running Windows on your Mac

As I’m sure you noticed, we’ve delivered a flurry of patch-releases for Fusion and Workstation in the last few weeks. Want to know why? Because security matters.

More visibility

The Pwn2Own competition at the CanSecWest conference put a huge bounty on ‘vmescape‘. They’re not the first to do this, and they won’t be the last. And I want to be clear up front, we’re delighted that they helped us make our products more robust, and more secure.

For those not following this closely, ‘vmescape’ is the challenge of executing code on a host machine, that originated on a virtual machine. In other words, you have to execute something on a virtual computer, that tricks the hypervisor, such as Fusion, Workstation, ESXi, etc, in to passing that code through to the host computer, effectively breaking out of the guest with the intent of controlling or damaging the host.

While the successful exploits themselves are interesting to note, the likelihood of this causing actual damage to you, in the real world is pretty small. Partly because of the nature and complexity of the technology involved, and partly because of the bevy of unknowables of a real production system. Mike Foley, one of our foremost security gurus, notes:

Hard to do, but still imperative that we fix. And so we have. With an abundance of gratitude to our incredibly talented security team, working directly with our multi-discipline engineering teams, we think we’ve been on top of things.

Platform security is critically important

Virtualization technology today is used more widely, and in more critical systems than ever. With VMware having such a prominent footprint both on the desktop and in the data center, we take our role and responsibility in this very seriously.

While many of our Fusion & Workstation customers are considered ‘consumers’, (i.e. they have a single copy installed on their own personal machine), the majority of our customers are business, both small and large. Security for the end-user is important, but when we’re talking about corporate systems and virtual desktops that connect to those systems, the need for an air-tight virtualization stack becomes an imperative.

To that end, we’ve delivered 3 critical patches for both Fusion and Workstation (both Pro and Player), each addressing different security issues documented in our Security Advisory announcements (which can be found here), all within the past 3 weeks.

We understand that this makes it tricky for you. Updating software is never fun – even if it’s fully automated – and we appreciate the anxiety we may have caused you, but I hope you agree, it was worth it

Collaboration is Key

We’re very proud of our engineering teams. Cross collaboration between them is critical when addressing complex issues, made more difficult by the need for rapid delivery. And of course while patching is critical, maintaining a high level of product quality is something we refuse to compromise on.

We work directly with security researchers who demonstrate some pretty slick exploits at several security shows, and we’re keen to see that trend continue. In this day-and-age, when breaches and data privacy issues are making mainstream headlines, we couldn’t do this without the collaboration we get from the community. We are immensely grateful to you.

Now, Secure yourself

It’s always important to stay up to date with security patches for all software you own/use/control. If your software hasn’t auto-updated already, get the latest patches [here]. And while we have your security attention, we recently came up with a nice little way to use Fusion and Workstation to help increase both your own security and privacy when dealing with online threats.

For this use case, we have a nice summary infographic and video, with more detailed writeups for safely surfing the Internet with Fusion and Workstation [linked respectively].

Here on the Personal Desktop team (which is the product group containing our Fusion and Workstation products), we love our users. We bend over backwards to make sure the products are secure, and work in a way that our users expect with regular new features and the stability we’ve all come to depend on.

In this vein, the VMware User Group, or VMUG, members are our most passionate and advanced users. These are the kind of users who rely on Fusion or Workstation to test applications and operating systems locally before pushing to their bigger vSphere platform. They know virtualization inside and out, are our earliest adopters, and dedicate time to testing the latest and greatest from any vendor that wishes to have a footprint in their data center.

The VMUG Advantage program includes the ‘VMUG EvalExperience’ subscription which provides exclusive access to 1-year evaluation licenses of VMware’s flagship products and solutions, for use as a learning tool in your home lab. In addition, you get:

EVALExperience

20% Discount on VMware Training Classes

20% Discount on VMware Certification Exams

$500 IBM SoftLayer Cloud Credit

35% Discount on VMware Lab Connect

$100 Discount on VMworld Attendance

The full list of products in the EVALExperience program includes:

VMware Workstation Pro 12.5

VMware Fusion Pro 8.5

VMware vCenter Server Standard for vSphere 6

VMware vSphere with Operations Management Enterprise Plus

VMware vCloud Suite Standard

VMware vRealize Operations

VMware vRealize Log Insight

VMware vRealize Operations for Horizon

VMware Horizon Advanced Edition

VMware vSAN

If you’re an admin who works with VMware’s products, there’s never been a better time or reason to join the VMUG Advantage program!

Did you know that today’s Internet is more than just web pages? Shocker, right?

Well… did you know that VMware Fusion and VMware Workstation can help protect you when browsing the wide-open Internet?

How so, you might ask?

When you surf online you are being tracked in a number of ways. Tracking “Cookies”, IP Addresses, Geo Location and Language, Browsing History, Invisible tracking pixels/images and more. All working in concert to build a profile of you and your online habits.

In addition to just standard browsing being tracked, there’s also ‘the bad guys’ out there:

Using VMware Fusion (or VMware Workstation) on your desktop to run a different operating system and web browser in a virtual sandbox keeps your main operating system safe, anonymous and protected from online threats.

And with the biggest sale of the year going on right now, there’s never been a better time to get up to date if you’re on Fusion 7 or older.

Today we’ve released an update to our favourite Mac virtualization product to address some critical stability issues on certain configurations of macOS 10.12. Users would get an ‘internal error’ message and Fusion would quit unexpectedly. This release fixes that issue.

Users can download the update from within the product by clicking ‘Check for Updates’, or you can grab the raw bits right from vmware.com/go/getfusion

It’s also the perfect time to update to the latest supported version of our most popular products with our Cyber Monday sale going on all week.

Yes, I know that’s a cheesy title, but in the office where we control Fusion and Workstation every day starts with a conversation about you. We talk about things that are trending on Twitter & Facebook, what’s happening on our community forums, and what people are asking us in our inboxes.

Some days it’s all good news, others it bad. Often it’s a mixture, but every day we’re grateful that you’re engaged with us, so that together we can build a better product.

Back in the summer we ran a competition to see what you’d say about us on YouTube. The results surprised us. I can honestly say that we were not expecting the volume of entries that our little give-away generated.

We are truly thankful that you are our customer.

Please stay engaged. Negative or positive, we want to hear your thoughts on the current product, and where you think it should go next.

In the meanwhile, in no order, here’s my favorite top 10 videos from the competition

It’s nearly that time again… Black Friday and Cyber Monday are quickly approaching!

We’re going to have our award winning virtualization products on sale at huge discounts just in time for the holidays.

If you had been holding off upgrading to Fusion 8.5, our Black Friday and Cyber Monday sales are the biggest discounts we offer all year, it’s the perfect time to get supported under macOS Sierra and Windows 10 Anniversary (which has been called ‘the most secure Windows to date‘.

In other news, we also just released a security patch to address a vulnerability demonstrated at this year’s PwnFest festival in Seoul, Korea last week. We patched the vulnerability in hours and pushed the release on Sunday to protect our users.

Did you know that VMware Fusion makes it easy to manage a fleet of Bring Your Own Device users? By adding VMware Horizon FLEX, businesses have more control over local virtual desktops than ever before. Use Fusion or Workstation to create your ‘Gold Master’ templates and then share those with end users. The templates can be restricted and even encrypted, and managed from a central console: Horizon FLEX.

Even when used un-namaged, Fusion allows Macs to live in the enterprise like never before. Users can run the corporate desktop, complete with custom windows-only application developed in-house, right from their Mac.

Build the next big thing with Fusion

Did you know that thousands of developers use VMware Fusion every day for all kinds of development and testing?

Build and test apps for any platform, cloud or desktop, or work with the latest in container technology by deploying VMware’s own PhotonOS. Purpose built for running Docker, Garden and rat applications, PhotonOS is there to help you build applications locally in a cloud-ready environment.

To learn more about what developers and IT professionals consider ‘the most stable Mac virtualization platform’, check out our video below and then visit our product page!